Objective: To disable password based logins and login only using key based authentication. Will create a pem file which will be used to access the server. OS used is CentOS 7 64bit.

Note: Change the trb name to your own key name.

1- Cd to the dir for which server/domain you want to create the keys, remember it’s on your local machine:

cd /backup/therandombits.com/keys/

2- Create the keys, this will create public and private keys. Enter the name(trb in my case) when asked. I skipped the passphrase.

ssh-keygen -t rsa -b 2048

3- Let’s keep the private key as it is and create a new pem file from it:

openssl rsa -in trb -outform pem > trb.pem

Now copy the public key to your remote server by(change the ip to your server ip):

ssh-copy-id -i trb.pub root@1.12.123.3

4- Change the permissions of pem file:

chmod 400 trb.pem

5- Now login to the server with the pem file:

ssh -i trb.pem root@1.12.123.3

Keep this terminal tab open. In case something goes wrong, to revert back to older edits.

If you were able to login to your server, that means all good so far. Now let’s disable the password based logins.

6- Disable PasswordAuthentication in sshd_config:

vim /etc/ssh/sshd_config

Change PasswordAuthentication yes to PasswordAuthentication no. It will be most likely line number 79 in sshd_config file.

systemctl restart sshd

Now open new terminal/konsole tab and try to login with password as you were doing it before. If you get the following error then it means you successfully disabled the password based logins.

Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

I assume that the tab which you used for the key based login is still open and you are inside the server. Now try again with the key in a new tab, all good?, well that’s it then. If not try to rollback to the password based login and follow the steps again. Hope you will make it this time. 🙂